cisco.meraki.meraki_mx_intrusion_prevention – Manage intrustion prevention in the Meraki cloud

Note

This plugin is part of the cisco.meraki collection (version 2.2.1).

To install it use: ansible-galaxy collection install cisco.meraki.

To use it in a playbook, specify: cisco.meraki.meraki_mx_intrusion_prevention.

Synopsis

• Allows for management of intrusion prevention rules networks within Meraki MX networks.

Parameters

Parameter		Choices/Defaults	Comments
allowed_rules list / elements=dictionary			List of IDs related to rules which are allowed for the organization.
	message string		Description of rule. This is overwritten by the API.
	rule_id string		ID of rule as defined by Snort.
auth_key string / required			Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
host string		Default: "api.meraki.com"	Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China.
ids_rulesets string		Choices: connectivity balanced security	Ruleset complexity setting.
internal_error_retry_time integer		Default: 60	Number of seconds to retry if server returns an internal server error.
mode string		Choices: detection disabled prevention	Operational mode of Intrusion Prevention system.
net_id string			ID number of a network.
net_name string			Name of a network. aliases: name, network
org_id string			ID of organization.
org_name string			Name of organization. aliases: organization
output_format string		Choices: snakecase ← camelcase	Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).
output_level string		Choices: debug normal ←	Set amount of debug output during module execution.
protected_networks dictionary			Set included/excluded networks for Intrusion Prevention.
	excluded_cidr list / elements=string		List of network IP ranges to exclude from scanning.
	included_cidr list / elements=string		List of network IP ranges to include in scanning.
	use_default boolean	Choices: no yes	Whether to use special IPv4 addresses per RFC 5735.
rate_limit_retry_time integer		Default: 165	Number of seconds to retry if rate limiter is triggered.
state string		Choices: absent present ← query	Create or modify an organization.
timeout integer		Default: 30	Time to timeout for HTTP requests.
use_https boolean		Choices: no yes ←	If no, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers.
use_proxy boolean		Choices: no ← yes	If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs boolean		Choices: no yes ←	Whether to validate HTTP certificates.

Notes

Note

• More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.

• Some of the options are likely only used for developers within Meraki.

• As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.

• Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

• Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.

Examples

- name: Set whitelist for organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: present
    org_id: '{{test_org_id}}'
    allowed_rules:
      - rule_id: "meraki:intrusion/snort/GID/01/SID/5805"
        message: Test rule
  delegate_to: localhost

- name: Query IPS info for organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: query
    org_name: '{{test_org_name}}'
  delegate_to: localhost
  register: query_org

- name: Set full ruleset with check mode
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: present
    org_name: '{{test_org_name}}'
    net_name: '{{test_net_name}} - IPS'
    mode: prevention
    ids_rulesets: security
    protected_networks:
      use_default: true
      included_cidr:
        - 192.0.1.0/24
      excluded_cidr:
        - 10.0.1.0/24
  delegate_to: localhost

- name: Clear rules from organization
  meraki_intrusion_prevention:
    auth_key: '{{auth_key}}'
    state: absent
    org_name: '{{test_org_name}}'
    allowed_rules: []
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key			Returned	Description
data complex			success	Information about the Threat Protection settings.
	idsRulesets string		success, when network is queried or modified	Setting of selected ruleset. Sample: balanced
	mode string		success, when network is queried or modified	Enabled setting of intrusion prevention. Sample: enabled
	protectedNetworks complex		success, when network is queried or modified	Networks protected by IPS.
		excludedCidr string	success, when network is queried or modified	List of CIDR notiation networks to exclude from protection. Sample: 192.0.1.0/24
		includedCidr string	success, when network is queried or modified	List of CIDR notiation networks to protect. Sample: 192.0.1.0/24
		useDefault boolean	success, when network is queried or modified	Whether to use special IPv4 addresses. Sample: True
	whitelistedRules complex		success, when organization is queried or modified	List of whitelisted IPS rules.
		message string	success, when organization is queried or modified	Description of rule. Sample: MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines
		ruleId string	success, when organization is queried or modified	A rule identifier for an IPS rule. Sample: meraki:intrusion/snort/GID/01/SID/5805

Authors

• Kevin Breit (@kbreit)